HP FlexNetwork 10500 Series Security Configuration Manual page 152


Direct authentication/cross-subnet authentication process (with CHAP/PAP authentication)
Figure 47 Direct authentication/cross-subnet authentication process
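[Figure: message sequence between the authentication client, portal Web server, portal authentication server, access device, AAA server, and security policy server]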
The direct/cross-subnet authentication process is as follows:
1. A portal user accesses the Internet through HTTP, and the HTTP packet arrives at the access device.
   - If the packet matches a portal-free rule, the access device allows the packet to pass.
   - If the packet does not match any portal-free rule, the access device redirects the packet to the portal Web server. The portal Web server pushes the Web authentication page to the user, who enters a username and password.
2. The portal Web server submits the user authentication information to the portal authentication server.
3. The portal authentication server and the access device exchange CHAP messages. This step is skipped for PAP authentication. The portal authentication server decides the method (CHAP or PAP) to use.
4. The portal authentication server adds the username and password into an authentication request packet and sends it to the access device. Meanwhile, the portal authentication server starts a timer to wait for an authentication reply packet.
5. The access device and the RADIUS server exchange RADIUS packets.
6. The access device sends an authentication reply packet to the portal authentication server to report authentication success or failure.
7. The portal authentication server sends an authentication success or failure packet to the client.
8. If the authentication is successful, the portal authentication server sends an authentication reply acknowledgment packet to the access device.

If the client is an iNode client, the authentication process includes step 9 and step 10 for extended portal functions. Otherwise, the authentication process is complete.

9. The client and the security policy server exchange security check information. The security policy server checks whether the user host has anti-virus software, virus definition files, unauthorized software, and operating system patches installed.
10. The security policy server authorizes the user to access certain network resources based on the check result. The access device saves the authorization information and uses it to control the user's access.
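Steps 3 to 6 in CHAP mode, modeled as an added example that is not taken from the HP manual: the access device issues a challenge, the portal authentication server answers with a hash instead of the password, and the RADIUS server verifies it. It assumes the RFC 1994 CHAP construction, MD5(identifier || secret || challenge), which this page does not spell out, and single-use challenges; all class and function names are hypothetical.

```python
import hashlib
import hmac
import os


def chap_response(ident, password, challenge):
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


class RadiusServer:
    """Step 5: holds the credentials and verifies the CHAP response."""

    def __init__(self, users):
        self.users = users  # constructed sample accounts: name -> password

    def verify_chap(self, user, ident, challenge, response):
        password = self.users.get(user)
        if password is None:
            return False
        expected = chap_response(ident, password, challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


class AccessDevice:
    """Step 3: issues the challenge. Steps 4-6: relays the request to RADIUS."""

    def __init__(self, radius):
        self.radius = radius
        self.pending = {}  # identifier -> outstanding challenge

    def issue_challenge(self):
        ident, challenge = os.urandom(1)[0], os.urandom(16)
        self.pending[ident] = challenge
        return ident, challenge

    def authenticate(self, user, ident, response):
        # Assumption: a challenge is single use, so a replayed reply is refused.
        challenge = self.pending.pop(ident, None)
        if challenge is None:
            return False
        return self.radius.verify_chap(user, ident, challenge, response)


def portal_login(device, user, password):
    """Portal authentication server: only the hash goes to the access device."""
    ident, challenge = device.issue_challenge()
    return device.authenticate(user, ident, chap_response(ident, password, challenge))
```

In PAP mode step 3 is skipped and the password itself is placed in the authentication request, so the link between the portal authentication server and the access device needs its own protection.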
